
***********************************************

First unpack the crackme, then load it in OllyDbg (it's written in asm so it's easy to understand).
Then run it, type your name and a fake serial, put a breakpoint on GetDlgItemText, and trace
right here:
004010C7 |. 83F8 10       CMP EAX,10                     ; Serial must be 10h = 16d chars, if not .. bad serial
004010CA |. 75 5D         JNZ SHORT UNPACKED.00401129
........
.......
.........
........
.......
.........
004010DD |. 85C0          TEST EAX,EAX
004010DF |. 74 20         JE SHORT UNPACKED.00401101
004010E1 |. 83F8 08       CMP EAX,8                      ; Name must be at the most 8 chars
004010E4 |. 7F 2F         JG SHORT UNPACKED.00401115
004010E6 |. 83F8 01       CMP EAX,1                      ; Name must be at least 1 char
004010E9 |. 7C 02         JL SHORT UNPACKED.004010ED

If you look a little above you can see this:


00401046 |. C605 87304000 >MOV BYTE PTR DS:[403087],53
0040104D |. C605 88304000 >MOV BYTE PTR DS:[403088],4A
00401054 |. C605 89304000 >MOV BYTE PTR DS:[403089],4B
0040105B |. C605 8A304000 >MOV BYTE PTR DS:[40308A],41
00401062 |. C605 8B304000 >MOV BYTE PTR DS:[40308B],5A
00401069 |. C605 8C304000 >MOV BYTE PTR DS:[40308C],42
00401070 |. C605 8D304000 >MOV BYTE PTR DS:[40308D],56
00401077 |. C605 8E304000 >MOV BYTE PTR DS:[40308E],54
0040107E |. C605 8F304000 >MOV BYTE PTR DS:[40308F],45
00401085 |. C605 90304000 >MOV BYTE PTR DS:[403090],43
0040108C |. C605 91304000 >MOV BYTE PTR DS:[403091],47
00401093 |. C605 92304000 >MOV BYTE PTR DS:[403092],49
0040109A |. C605 93304000 >MOV BYTE PTR DS:[403093],44
004010A1 |. C605 94304000 >MOV BYTE PTR DS:[403094],46
004010A8 |. C605 95304000 >MOV BYTE PTR DS:[403095],4E
004010AF |. C605 96304000 >MOV BYTE PTR DS:[403096],47

So here the crackme stores some numbers to use them for serial generation (4 routines are used); we
are going to explain what each routine does ;)
**** Routine 1 **** ( serial-1- Generation)
0040113d |> 33db          xor ebx,ebx                      ;\
0040113f |. 33c9          xor ecx,ecx                      ; }
00401141 |. 33d2          xor edx,edx                      ; }-------------> "Zero" on registers
00401143 |. 33ff          xor edi,edi                      ; }
00401145 |. 33f6          xor esi,esi                      ;/

00401147 |> 8a99 a0304000 /mov bl,byte ptr ds:[ecx+4030a0] ;<---- put each char of our name in bl
0040114d |. 80fb 41       |cmp bl,41                       ;<---- compare this char with 41h
00401150 |. 7c 07         |jl short unpacked.00401159      ;<---- jump if less
00401152 |> 80fb 5a       |cmp bl,5a                       ;<---- compare this char with 5Ah
00401155 |. 7f 0e         |jg short unpacked.00401165      ;<---- jump if greater
00401157 |> eb 1f         |jmp short unpacked.00401178
00401159 |> 80c3 20       |add bl,20
0040115c |. 80fb 41       |cmp bl,41
0040115f |. 7d 02         |jge short unpacked.00401163
00401161 |. B3 46         |mov bl,46
00401163 |>^eb ed         |jmp short unpacked.00401152
00401165 |> 80eb 20       |sub bl,20
00401168 |. 80fb 5a       |cmp bl,5a
0040116b |. 7e 02         |jle short unpacked.0040116f
0040116d |. B3 47         |mov bl,47
0040116f |> 80fb 41       |cmp bl,41
00401172 |. 7d 02         |jge short unpacked.00401176
00401174 |. B3 53         |mov bl,53
00401176 |>^eb df         |jmp short unpacked.00401157
00401178 |> 889a 87304000 |mov byte ptr ds:[edx+403087],bl ;<---- replace the initial char by the final char obtained after these instructions
0040117e |. 83c2 02       |add edx,2
00401181 |. 41            |inc ecx
00401182 |. 3bc8          |cmp ecx,eax
00401184 |.^75 c1         \jnz short unpacked.00401147     ;<---- loop until the name chars are finished
**** End of routine 1 ****
**** Routine 2 **** ( serial-2- Generation)
00401186 |. 33c9          xor ecx,ecx                      ;\
00401188 |. 33d2          xor edx,edx                      ; }-------------------> "Zero" on registers
0040118a |. 33db          xor ebx,ebx                      ;/

0040118c |> 8a99 87304000 /mov bl,byte ptr ds:[ecx+403087] ;\
00401192 |. 03d3          |add edx,ebx                     ; }
00401194 |. 41            |inc ecx                         ; }-----> in this proc we add all chars obtained from the first routine
00401195 |. 83f9 10       |cmp ecx,10                      ; }       edx = result
00401198 |.^75 f2         \jnz short unpacked.0040118c     ;/

0040119a |. 69c0 ff000000 imul eax,eax,0ff                 ;<--- eax (= length of name) is multiplied with 0FFh
004011a0 |. 0fafd0        imul edx,eax                     ;<--- then we multiply edx with eax
004011a3 |. 81f2 abdfebac xor edx,acebdfab                 ;<--- we XOR edx with ACEBDFABh
004011a9 |. 0fca          bswap edx                        ;<--- edx content is converted to INTEL format

Then we convert it to hexadecimal format (%lX) with the wsprintf function.


004011ab |. 52            push edx                         ; /<%lX>
004011ac |. 68 00304000   push unpacked.00403000           ; |format = "%lX"
004011b1 |. 68 18314000   push unpacked.00403118           ; |s = unpacked.00403118
004011b6 |. E8 c3000000   call <jmp.&user32.wsprintfa>     ; \wsprintfA

**** End of routine 2 ****


After these 2 routines we have generated 2 serials: Serial-1- with 16 characters and Serial-2- with 8 characters;
those will be used to generate the final serial.
**** Routine 3 **** ( serial-2- transformation)
004011be |. 33db          xor ebx,ebx                      ;\
004011c0 |. 33c9          xor ecx,ecx                      ;/----------------------> "Zero" on registers

004011c2 |> 8a99 18314000 /mov bl,byte ptr ds:[ecx+403118] ;<--- we put the chars in bl
004011c8 |. 80fb 3a       |cmp bl,3a
004011cb |. 7c 02         |jl short unpacked.004011cf
004011cd |. Eb 09         |jmp short unpacked.004011d8
004011cf |> 80c3 11       |add bl,11
004011d2 |. 8899 18314000 |mov byte ptr ds:[ecx+403118],bl ;<--- replace the initial char with the final char
004011d8 |> 41            |inc ecx
004011d9 |. 83f9 08       |cmp ecx,8
004011dc |.^75 e4         \jnz short unpacked.004011c2     ;<--- loop until the Serial-2 chars are finished
**** End of routine 3 ****
**** Routine 4 **** ( Final serial Generation)
004011de |. 33db          xor ebx,ebx                      ;\
004011e0 |. 33c9          xor ecx,ecx                      ; }---------------------> "Zero" on registers
004011e2 |. 33d2          xor edx,edx                      ;/

004011e4 |> 8a99 18314000 /mov bl,byte ptr ds:[ecx+403118] ;<-- one char from Serial-2
004011ea |. 889a 88304000 |mov byte ptr ds:[edx+403088],bl ;<-- put it in Serial-1
004011f0 |. 83c2 02       |add edx,2
004011f3 |. 41            |inc ecx
004011f4 |. 83fa 10       |cmp edx,10                      ;<-- compare edx with 10h
004011f7 |.^75 eb         \jnz short unpacked.004011e4     ;<-- loop if not equal

**** End of routine 4 ****


**** Comparison routine ****

00401201 |> 8a9a c8304000 /mov bl,byte ptr ds:[edx+4030c8] ;<-- one char from the serial entered
00401207 |. 8a82 87304000 |mov al,byte ptr ds:[edx+403087] ;<-- one from the serial generated
0040120d |. 33c3          |xor eax,ebx                     ;<-- are they equal?
0040120f |.^0f85 14ffffff |jnz unpacked.00401129           ;<-- if not, jump to "Your Registration Code is invalid!"
00401215 |. 8a9a c9304000 |mov bl,byte ptr ds:[edx+4030c9] ;<-- next char in bl
0040121b |. 8a82 88304000 |mov al,byte ptr ds:[edx+403088] ;<-- next char in al
00401221 |. 04 05         |add al,5                        ;<-- add 5 to the char of the serial generated
00401223 |. 38c3          |cmp bl,al                       ;<-- then compare it with the next char of the serial entered
00401225 |.^0f85 fefeffff |jnz unpacked.00401129           ;<-- if not equal, jump to "Your Registration Code is invalid!"
0040122b |. 83c2 02       |add edx,2
0040122e |. 83fa 10       |cmp edx,10
00401231 |.^75 ce         \jnz short unpacked.00401201     ;<-- loop until the serial chars are finished.
**** End of comparison routine ****
